On Wed, 24 Oct 2007, Henning Brauer wrote:
> * adam.getchell@gmail.com  [2007-10-24 03:03]:

quoted text
> > Virtualization seems to have a lot of security benefits

>

> seems?

> to whom?

>

Virtualization provides near absolute security - DOM0 is not visible to

the user at all, only passing network traffic and handling kernel calls.

The security comes about in that each DOMU is totally isolated from the

the others, while the core DOM0 is isolated from any attacks.

There is also a big benefit when maintaing VM images - restoring a VM in

the case of corruption/attach/whatever is as simple as reloading a copy of

that image and connecting to system data on the local SAN.
Irrespective of the guest OS, there is good security between the

virtualized machines. Running OBSD as the guest OS provides the best of

both worlds, and it would be great if OBSD would run paravirtualized for

the best performance, but apparently nobody has a need for that

functionality.
> to people who never wrote a line of code and don't understand how

quoted text
> things work?

>

Nobpdy has to write any code to understand that - the secuity benefits

are ovbious to everyone from the PHBs to the admins. Of course, this is

most obvious in 'enterprise space', which is pretty far removed from the

typical OBSD world.

	Lee
================================================

  Leland V. Lammert            lvl@omnitec.net

    Chief Scientist     Omnitec Corporation

 Network/Internet Consultants   www.omnitec.net

================================================